What’s New from TrendLabs

Quick Links

Cybercrime is a very serious matter. After all, it's crime being committed over the internet, and just like regular
crime, being a victim of it can be a hassle at the very least. The difference here is that you may not know that
you've become a victim until it's too late. Unlike regular crime, cybercrime can be happening to you right now
and you wouldn't even know it. You can simply be doing whatever you usually do online, and without any warning,
cybercrime can strike.

That's why we've put together this gallery. By taking the most popular activities done
by users online, such as searching for information online, as well as reading online news publications  and
then finding what kind of threats involve those activities, we've gathered the seven most common cybercrime scenarios
that you need to avoid so that you'll be able to prevent yourself and your family from falling victim to them.

If you find your desktop suddenly full of words and pictures that basically add up to pay us money or you'll
never be able to use your computer again then you've been hit ransomware. Ransomware is a type of a malware
that locks your files (or worse, your entire system) down so that you can't use them UNLESS you pay the
cybercriminals involved. They usually charge upwards to US$100.

How to Avoid:
Refrain from downloading files from unverified/third party sources, use a security
solution that blocks malicious files from executing/being downloaded. Make sure you always keep backups of your files,
stored on different media and/or a separate system. Keep your software updated.

Just in Case:
Don't pay the ransom, whatever it is. Not only are you helping cybercriminals by paying them, but you're
also opening yourself up to even more cybercrime. The only way to recover is to format your system and restore your
files through an external backup. Disconnect your system from the internet and seek the help of a more
experienced friend/relative/tech support staff if this is your first time doing so.

If you've ever tried to log into your online bank account and found out that not all of your savings are
accounted for, it may be a sign that you've been hit by a cybercriminal. While there are multiple ways
that a cybercriminal could have gotten your account details, there's a likely chance that you had accidentally
stumbled on a phishing website in the past, mistaking it for the login website of your online bank. Always check
to see if the URL of your login website is correct – if it isn't, then it's important that you do the
following right away:

How to Avoid:
Bookmark your online banking website. This stops you from accidentally typing in the wrong URL and stumbling upon
a fake one. Apply additional methods of securing the way you log into your bank account too, such as
two-factor authentication
or any other method that your bank website offers. Don't click on any mails that you may receive asking for
your username or password, too  no organization does that unless it's a scam. They’d never ask you to
connect to their website through a link in an email, either. Also, look into
security solutions
that can block access to this kind of threats.

Just in Case:
Call your bank immediately and alert them of this  they'll help you figure out how to get this fixed, and the
sooner the better. If you can change your online banking details yourself, do so, but make sure to change all other
passwords related to your account (including the email account password you receive your online banking notifications
on). Check out our relevant e-guides
here and here.

You've been turned into a Facebook/Twitter/Social Networking profile spammer. Either you've clicked a
malicious link somewhere, or you stumbled on a fake login website that you tried to log in with (thus sending your
login details to cybercriminals).

How to Avoid:
Don't click every link you see, whether it was sent to you by a contact or posted on your wall/feed. There's
always a chance your contact may have gotten hijacked themselves and are posting malicious links so that you too can
be hijacked. Remember the wisdom of proverbs like there's no such thing as free and if
it sounds too good to be true, it probably is to keep yourself safe. You may aso want to install a
security solution
that warns you of these threats and blocks them automatically.

Just in Case:
Run a scan with your security solution to get the hijacking malware out of your system. Change your password right after,
as well as the password of the email you use for your social networking account. You can check out how to keep your social
media accounts more private and secure with our e-guide,
How To Protect Your Privacy On Social Media.

You've likely become a victim victim of a Premium Service Abuser. They are types of malicious smartphone apps that, when
downloaded and installed, sends subscription messages to a premium service secretly or makes calls and sends messages without
you knowing. This results in you getting all those unauthorized charges.

How to Avoid:
Only download apps from official/first party download sites. Never download any app anywhere else.Just in case: Check all
the apps you very recently downloaded. Do some of them feel off to you, like mislabeled or having the wrong
developer name? Did you download any one from a shady website, or somewhere that isn't a first-party market? Check
on their permissions too. If some of them have way too much for their type of app, then uninstall them at once.
Look into installing a mobile security solution
too, to stop this from happening again. You should also check the app download page for reviews  chances are,
if it's a malicious app, the victims may have left warnings there.

Being forced to answer several surveys to download a desired video or software.

You've been scammed. This is a combination of cybercriminals using Blackhat SEO and social engineering to get you
into a survey scam. What happens is that they check to see what kind of topic will get the most number of victims and\
use that as a lure. That's social engineering. Then they seed a malicious website with keywords that'll make
it appear on top of a search engine results page. This brings us to the survey scam that you landed on, which could
potentially infect you with malware, or land you on a phishing website.

How to Avoid:
Don't use search engines to get what you want. Rather, go directly to reliable websites that you believe may
have what you want, and search from there. For example, instead of looking for a video on a search engine, go to video
websites such as Youtube and search from there. The same thing goes for gifts (Amazon), news (CNN.com, BBC.com) and
trivia (Wikipedia). Also, our security add-on for browsers, as well as our
security offerings
blocks all of these sites automatically.

Just In Case: Close your browser window, disconnect your system from the internet and run a scan with your
security solution, just to make sure no malware got loaded onto your system.

If your smartphone-s battery life isn-t lasting as long as usual  even after you-ve replaced
it  then you might be infected with mobile malware. Most of them have routines that run even if the smartphone
is idle or locked. This of course drains your battery much more quickly, more so when you're using it. You may also
experience slowdown issues whenever using apps.

How to Avoid:
Don't download from unauthorized/third party app download websites. Look into a
mobile security solution
that can block such websites and apps from ever getting to your mobile device.

Just In Case: Similar to Number 4, check your recently-downloaded apps and uninstall them if they seem the
least bit suspicious. You can also download and run a mobile security solution to scan your mobile device for any malware.

System is too slow/crashing a lot all of a sudden, and unable to open
security programs/websites after opening a file attachment or visiting a link.

You may have fallen for a socially-engineered spam attack with a malicious attachment. Like Number 6, cybercriminals
tailored their spam to make sure YOU click on it and open the attached file, which invariably turns out to be malware.
Also note that sometimes, the above may not happen at all – some malware can be so stealthy that their malicious
routines are invisible to the user

How to Avoid:
Delete all suspicious or unfamiliar emails as soon as you get them. These emails would usually ask you to open links
or their attachments for more information or some tempting offer. Even if you're familiar with the sender, try to
verify with them first\(either by phone call or some other type of correspondence) if they did in fact send you
that particular mail before doing anything. Look into a
security solution,
too, to prevent these threats from getting into your inbox.

Just In Case: Quickly disconnect your system from the internet and run a full scan for malware using a security
solution. This will help remove the malware as well as block any future attacks. You can check out our relevant eguide,
How Social Engineering Works,
on how socially-engineered attacks come to play.

Once you recognize these cybercrime scenarios on your own (and teach your family members how to do so, as well)
then going online will be a much more wholesome and
safer experience.